[Devel] Re: CVS update: skolelinux/src/webmin-ldap-skolelinux index.cgi

[Petter Reinholdtsen <pere@xxxxxxxxxx>]

>   @@ -85,6 +85,11 @@
>            if ($in{'editpw'}){
>    	    ldap_mod_user ($in{'userUid'}, $rootpw,$rootdn,
>    			   $basedn, 'userPassword', "{crypt}" .&gen_crypt($in{'editpw'})) ;
>   +            if ($config{'sambasync'})
>   +            {
>   +             # update samba password, too
>   +             run_script("smb_create.pl", latin1($in{'userUid'})->utf8, $in{'editpw'}, $rootpw);
>   +            }

Programs should never give password on the command line when starting
other programs.  The arguments are visible to other users (using ps,
top, reading /proc/*, etc), so any user on the system can read the
passwords.  The password arguments should be passed on using the
environment or stdin.